Euroling AB SiteSeeker 'click tracking' Cross Site Scripting Vulnerability

Bugtraq ID:	52874
Class:	Input Validation Error
CVE:	CVE-2012-1032
Remote:	Yes
Local:	No
Published:	Apr 04 2012 12:00AM
Updated:	Apr 04 2012 12:00AM
Credit:	David Johansson
Vulnerable:	Euroling AB SiteSeeker 3.4.4
Not Vulnerable:	Euroling AB SiteSeeker 3.4.5

Euroling AB SiteSeeker 'click tracking' Cross Site Scripting Vulnerability

SiteSeeker is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

SiteSeeker 3.4.4 is vulnerable; other versions may also be affected.

Euroling AB SiteSeeker 'click tracking' Cross Site Scripting Vulnerability

An attacker can exploit the issue by enticing an unsuspecting user to visit a specially crafted URL.

Euroling AB SiteSeeker 'click tracking' Cross Site Scripting Vulnerability

Solution:
Reportedly the vendor has fixed the issue, however, Symantec has not confirmed it. Please contact the vendor for more information.

Euroling AB SiteSeeker 'click tracking' Cross Site Scripting Vulnerability

References:

• SiteSeeker Homepage (Euroling AB)